1
General ElkArte discussions / Re: How to integrate ElkArte and fail2ban?
Last post by Spuds -If you just want to trigger fail2ban based off the Elkarte login page getting hit, then (untested) you would do
1) find where you server is saves its access log, example /var/log/nginx/access.log
2) in that log you should see the submit page for the login /index.php?action=login2 if its getting hit you will see that with the same ip address over and over
3) create a f2b filter /etc/fail2ban/filter.d/elkarte-login-abuse.conf with the following
Code: [Select]
[Definition]4) add the above to your fail2ban jail jail.local
failregex = <HOST> -.*"(GET|POST) /index.php\?action=login2.* HTTP/.*"
ignoreregex =
Code: [Select]
[elkarte-login-abuse]maxretry: 4 requests in
enabled = true
port = http,https
filter = elkarte-login-abuse
logpath = /var/log/nginx/access.log
maxretry = 4
findtime = 300
bantime = 86400
action = iptables[name=elkarte-login-abuse, port=http, protocol=tcp]
findtime: 300 seconds (5 minutes) triggers the ban.
bantime: 86400 seconds (24 hours). ban time
adjust to your liking
5) restart fail2ban sudo systemctl restart fail2ban